package com.hongxia.assetsys.controller;

import com.hongxia.assetsys.common.BaseResponse;
import com.hongxia.assetsys.common.ErrorCode;
import com.hongxia.assetsys.common.ResultUtil;
import com.hongxia.assetsys.domain.SysUser;
import com.hongxia.assetsys.domain.request.UserLoginRequest;
import com.hongxia.assetsys.domain.request.UserRegisterRequest;
import com.hongxia.assetsys.exception.BusinessException;
import com.hongxia.assetsys.service.SysUserService;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.web.bind.annotation.*;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

@RestController
@RequestMapping("/user")
@Slf4j
public class UserController {
    @Resource
    SysUserService userService;

    @PostMapping("/login")
    public BaseResponse<SysUser> userLogin(@RequestBody UserLoginRequest request, HttpSession session){
        String username = request.getUsername();
        String password = request.getPassword();
        if(username == null || username.equals("")){
            throw new BusinessException(ErrorCode.NULL_ERROR);
        }
        if(password == null || password.equals("")){
            throw new BusinessException(ErrorCode.NULL_ERROR);
        }
        //1.获取subject对象
        Subject subject= SecurityUtils.getSubject();
        //通过name,password封装为token对象中
        //现在能理解我们自定义的登录验证方法中，为什么能够从token中获取用户信息了吧
        AuthenticationToken token=new UsernamePasswordToken(username,password);
        //然后调用subject.login方法登录
        try {
            //此时就会去执行我们自定义的登录验证的方法，同时将token作为参数传递过去了
            subject.login(token);
            log.info("登录成功");
        }catch (AuthenticationException e){
            throw new BusinessException(ErrorCode.PARAMS_ERROR,"账号或密码错误");
        }
        SysUser curUser = userService.getUserByName(username);
        SysUser safetyUser = userService.getSafetyUser(curUser);
        //设置session
        session.setAttribute("user",curUser);
        return ResultUtil.success(safetyUser);
    }

    @PostMapping("/register")
    public BaseResponse<Long> userRegister(@RequestBody UserRegisterRequest userRegisterRequest){
        if(userRegisterRequest == null){
            throw new BusinessException(ErrorCode.PARAMS_ERROR);
        }
        //校验参数
        String username = userRegisterRequest.getUsername();
        String password = userRegisterRequest.getPassword();
        String checkPassword = userRegisterRequest.getCheckPassword();

        if(StringUtils.isBlank(username)){
            throw new BusinessException(ErrorCode.PARAMS_ERROR,"用户名为空");
        }
        if(StringUtils.isBlank(password)){
            throw new BusinessException(ErrorCode.PARAMS_ERROR,"密码为空");
        }        if(StringUtils.isBlank(checkPassword)){
            throw new BusinessException(ErrorCode.PARAMS_ERROR,"二次密码为空");
        }
        //
        long result = userService.userRegister(username, password, checkPassword);
        return ResultUtil.success(result);
    }

    @GetMapping("/current")
    public BaseResponse<SysUser> getCurrentUser(HttpServletRequest request){
        Object object = request.getSession().getAttribute("user");
        SysUser user = (SysUser) object;
        if(user == null){
            throw  new BusinessException(ErrorCode.NOT_LOGIN);
        }
        //从数据库中获取用户信息，以保证信息的实时性
        Integer id = user.getId();
        user = userService.getById(id);
        SysUser safetyUser = userService.getSafetyUser(user);
        return ResultUtil.success(safetyUser);
    }

}
